[jira] [Commented] (PHOENIX-4188) Disable DTD parsing on Pherf XML documents

Hadoop QA (JIRA) Fri, 08 Sep 2017 20:06:11 -0700

    [ 
https://issues.apache.org/jira/browse/PHOENIX-4188?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16159691#comment-16159691
 ]


Hadoop QA commented on PHOENIX-4188:
------------------------------------

{color:red}-1 overall{color}.  Here are the results of testing the latest 
attachment 
  
http://issues.apache.org/jira/secure/attachment/12886217/PHOENIX-4188.001.patch
  against master branch at commit 2ad5d4b48c16743b3f3968a858f9da19c14070fa.
  ATTACHMENT ID: 12886217

    {color:green}+1 @author{color}.  The patch does not contain any @author 
tags.

    {color:green}+1 tests included{color}.  The patch appears to include 19 new 
or modified tests.

    {color:red}-1 javac{color}.  The patch appears to cause mvn compile goal to 
fail .

    Compilation errors resume:
    [ERROR] Failed to execute goal 
org.apache.maven.plugins:maven-clean-plugin:2.5:clean (default-clean) on 
project phoenix-core: Failed to clean project: Failed to delete 
/home/jenkins/jenkins-slave/workspace/PreCommit-PHOENIX-Build/phoenix-core/target
 -> [Help 1]
[ERROR] 
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e 
switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR] 
[ERROR] For more information about the errors and possible solutions, please 
read the following articles:
[ERROR] [Help 1] 
http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException
[ERROR] 
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR]   mvn <goals> -rf :phoenix-core
    

Console output: 
https://builds.apache.org/job/PreCommit-PHOENIX-Build/1413//console

This message is automatically generated.

> Disable DTD parsing on Pherf XML documents
> ------------------------------------------
>
>                 Key: PHOENIX-4188
>                 URL: https://issues.apache.org/jira/browse/PHOENIX-4188
>             Project: Phoenix
>          Issue Type: Bug
>            Reporter: Josh Elser
>            Assignee: Josh Elser
>             Fix For: 4.12.0
>
>         Attachments: PHOENIX-4188.001.patch
>
>
> A security scan dinged Phoenix for an external entities attack on the XML 
> files that Pherf creates.
> We can easily work around it by disabling the inline doctype definition in 
> the XML parser we use.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (PHOENIX-4188) Disable DTD parsing on Pherf XML documents

Reply via email to